npm
3,969 tracked vulnerabilities.
CVE-2024-34343
MEDIUM
nuxt < 3.12.4 - Cross-Site Scripting via navigateTo URL Parsing Bypass
Aug 05, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39713
HIGH
NUCLEI
Rocket.Chat < 6.10.1 - Server-Side Request Forgery via Twilio Webhook Endpoint
Aug 05, 2024
CVSS 8.6
EPSS 0.90
CVE-2024-42461
CRITICAL
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via BER-Encoded ECDSA Signatures
Aug 02, 2024
CVSS 9.1
EPSS 0.03
CVE-2024-42460
MEDIUM
elliptic 2.0.0-6.5.6 - ECDSA Signature Malleability via Missing Leading Zero Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-42459
MEDIUM
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via Missing EdDSA Length Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41962
MEDIUM
Bostr < 3.0.10 - Improper Authorization via noscraper Bypass
Aug 01, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-41818
HIGH
fast-xml-parser >=4.3.5 <4.4.1 - Uncontrolled Resource Consumption via ReDoS in Currency Parser
Jul 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-6783
MEDIUM
Vue 2.0.0-2.7.15 - Cross-Site Scripting via Prototype Pollution
Jul 23, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-41655
HIGH
tf2-item-format 4.2.6-5.9.13 - Regular Expression Denial of Service via Crafted User Input
Jul 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-6485
MEDIUM
Bootstrap 1.4.0-3.4.0 - Cross-Site Scripting via Button Plugin data-loading-text Attribute
Jul 11, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-39693
HIGH
Next.js 13.3.1-13.4.19 - Denial of Service via Resource Consumption
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21526
HIGH
speaker - Denial of Service via Channels Property Assertion Failure
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21525
HIGH
node-twain - Buffer Overflow via Long Product Name or Manufacturer String
Jul 10, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-21524
HIGH
node-stringbuilder < 2.2.7 - Out-of-bounds Read via ToBuffer, ToString, or CharAt
Jul 10, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-21523
HIGH
npm/images - Denial of Service via Unexpected Input Types
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21522
HIGH
audify - Denial of Service via Negative frameSize in OpusDecoder
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-39698
HIGH
electron-builder < 6.3.0 - Signature Validation Bypass via Environment Variable Expansion
Jul 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-38372
LOW
undici >=6.14.0 <6.19.2 - Information Exposure via response.arrayBuffer()
Jul 08, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-39896
HIGH
Directus < 10.13.0 - User Enumeration via SSO Error Messages
Jul 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39701
MEDIUM
Directus 9.23.0-10.5.3 - Improper Access Control via Empty Array Evaluation in _in and _nin Operators
Jul 08, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39691
MEDIUM
matrix-appservice-irc < 2.0.1 - Information Disclosure via Homeserver Timestamp Manipulation
Jul 05, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39943
CRITICAL
rejetto HFS < 0.52.10 - Authenticated OS Command Injection via df Command Execution
Jul 04, 2024
CVSS 9.9
EPSS 0.78
CVE-2024-39309
CRITICAL
Parse Server < 6.5.7 and 7.0.0-7.1.0 - SQL Injection via PostgreSQL Configuration
Jul 01, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-37146
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via /api/v1/credentials/id Endpoint
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37145
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Chatflow ID Parameter
Jul 01, 2024
CVSS 6.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12